A new mobile Trojan has been discovered that exploits 3 serious vulnerabilities in Android devices.
Following a study by security researchers the Android Trojan, named ‘Obad’, has been reported to be the most advanced mobile Trojan to date.
Obad, like most mobile malwares has the ability once inside to send premium rate text messages, racking up users bills to extortionate amounts. The virus can also spread malicious files via Bluetooth and wifi networks by scanning for active and unsecured connections and attempting to send malicious files.
What makes Obad the most advanced mobile malware is its ability to exploit 3 dangerous vulnerabilities. Firstly, once the Trojan has gained admin rights to the device it is reported to be impossible to delete. Secondly it inhibits the systems ability to process an .xml file named ‘AndroidManifest’ which allows the Trojan to go undetected. Not only can the Trojan run riot undetected but when caught it can also be difficult to analyse, this is due to a vulnerability that affects the devices ability to covert Android executable files into JAR format (Java Archive).
Despite the malwares sophistication in exploitation, its ability to actually infect devices is less of a threat. The Trojan was analysed by experts for 3 days, in which is successfully inhibited only 0.15% of devices it attempted to attack.